summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--modules/nixos/defaults/security.nix5
-rw-r--r--systems/glados-wsl/default.nix10
2 files changed, 11 insertions, 4 deletions
diff --git a/modules/nixos/defaults/security.nix b/modules/nixos/defaults/security.nix
index 8d7d879..a7c79ea 100644
--- a/modules/nixos/defaults/security.nix
+++ b/modules/nixos/defaults/security.nix
@@ -18,7 +18,10 @@
polkit.enable = true;
- sudo.enable = false;
+ sudo = {
+ enable = lib.mkDefault false;
+ execWheelOnly = true;
+ };
};
services.dbus.apparmor = lib.mkDefault "enabled";
diff --git a/systems/glados-wsl/default.nix b/systems/glados-wsl/default.nix
index 6a9cbba..9ca63ed 100644
--- a/systems/glados-wsl/default.nix
+++ b/systems/glados-wsl/default.nix
@@ -32,9 +32,13 @@
nixpkgs.hostPlatform = "x86_64-linux";
- # Something, something `resolv.conf` error
- # (nixos-wsl probably doesn't set it)
- security.apparmor.enable = false;
+ security = {
+ # Something, something `resolv.conf` error
+ # (nixos-wsl probably doesn't set it)
+ apparmor.enable = false;
+ # `run0` fails with `Failed to start transient service unit: Interactive authentication required.`
+ sudo.enable = true;
+ };
services = {
resolved.enable = false;
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 09:04:47 +0000